The Indian government’s security concerns over the country’s telecommunications networks have featured prominently in recent telecoms news – the government’s proposed ban on importing network equipment was swiftly followed by Research In Motion acquiescing to demands made by Indian security authorities in order to avert a ban on BlackBerry devices.
So, what exactly are the implications of India’s proposed security measures? Is India right to be concerned about the possibility its networks being hijacked by foreign vendors or operators? Where do the roots of these concerns lie? And what can be done to resolve this issue?
With 640 million connections and 20 million new subscribers every month, India’s booming telecoms market is one of the world’s fastest growing, but the majority of the country’s networks are built by foreign operators and based on foreign equipment. In addition to this, mobile is by far the predominant means of communication, with landlines few and far between. These facts have raised concerns within the Indian government that the country’s mobile networks are open to foreign infiltration.
These concerns manifested themselves in the form of new legislature introduced in December 2009 that made it mandatory for firms to obtain government clearance if they wished to import foreign-made telecoms equipment – a security measure which has slowed to a halt numerous procurement orders which, collectively, are worth billions.
However, the new guideline proposals are far more stringent: to obtain permission to sell equipment in India, foreign vendors would need to submit to frequent security inspections by Indian authorities, as well as granting the government access to their network architecture and source code.
This last point in particular has provoked outraged reactions from international vendors, many of whom are concerned that governments or third parties could pirate or even modify their closely guarded – and commercially valuable - source code. Much of the discontent stems from the variety of entities that would be eligible to inspect the network architecture, and the extent to which it would require inspection: the proposals state that firms would need to allow the Indian government as well as local operators and third-party security bodies to inspect “the hardware, software, design, development, manufacturing facility and supply chain”, and to “subject all software to a security/threat check”. The Indian government has claimed that source code would be protected by safeguards, meaning that it could only be accessed in the event of a security breach.
The severity of these measures is most evident in the punishments that vendors and operators face if their networks are found to harbour malware or spyware – operators face a fine of 500 million rupees (US$10.8 million) as well as the total value of the contract, while vendors are likely to be blacklisted. Equipment firms and operators are angered by the implication that any security breaches are their responsibility, as spyware and malware are typically designed to subvert the control of the operator – the punishments therefore seem unduly harsh, and were labelled ‘draconian’ by Ericsson.
Unsurprisingly, India’s proposals have inspired international backlash from operators and vendors, with roughly 20 telecoms firms from Europe, Japan and the US appealing to the Indian Commerce and Technology Ministers to revoke the new regulations. US trade groups have suggested that the proposed measures violate WTO guidelines, and have voiced concerns to the Secretary of State that if India is allowed to pass them, other countries will follow suit, even using India’s example as justification for the imposition of more stringent security. Foreign vendors would lose out on contracts worth billions of dollars if frozen out of the market, and many have voiced concerns that losing out on the Indian market could result in them facing bankruptcy.
India’s Telecoms department has made a statement attempting to justify the proposal, claiming that it comes in response to the ‘misuse’ of devices in the past in order to circumvent network security. Spokesman Satyendra Prakash has also claimed that the proposal is ‘in line’ with security measures imposed by other countries; the general consensus among industry observers is that while the measures are not entirely unreasonable in principle, in practice they go somewhat beyond international security standards.
The timing of the proposal is particularly bad, as 3G licences have only recently been awarded in India – and now, operators are worried that network expansion could falter or stall entirely. Speaking on condition of anonymity, one executive has noted: “Operators are under tremendous pressure…They have shelled out a huge sum for 3G licences. If this deadlock is allowed to continue, India would be confronted with the same situation as Europe in the post-spectrum auction, which led to the complete collapse of the industry.”
With repercussions as potentially extreme as this, the government’s true motives for its actions have naturally roused suspicions. Many detractors of India’s new proposal suspect that it could be motivated by self-interest, freezing foreign vendors out of the country’s prosperous market in order to secure lucrative contracts for Indian equipment vendors such as Tejas Networks. One of the root causes of this suspicion is India’s unofficial rivalry with China. Reports suggest that equipment orders with Chinese firms are being denied security clearance, while orders with European firms have been approved.
China’s two largest operators, ZTE and Huawei, have both held talks with India’s Department of Telecoms – allegedly in response to India attempting to target both firms with its new security proposal, although ZTE has claimed that the new regulations are intended to apply equally to all vendors, and are not specifically aimed at Chinese firms. The two Chinese firms have an order backlog that is valued at around US$750 million. Employees at the Department of Telecoms have claimed that both companies feature on a ‘blacklist’ of firms not yet cleared to sell telecoms equipment; although the accuracy of this assertion is unclear, both companies were among those targeted last year with antidumping duties by the Indian government.
China’s foothold in the Indian market has increased dramatically in recent years, with Chinese firms taking custom from western companies, many of which had looked to growth opportunities in Asia as a means of offsetting their losses in the near-saturated western markets. India’s trade deficit with China last fiscal year was US$21.4 billion, with telecom exports representing $3 billion of this figure – a sizeable 14% of the total. The Indian government’s anxiety over this discrepancy is perhaps reflected by the aforementioned antidumping charges, which could be seen as an attempt to prevent Chinese vendors from undercutting Indian suppliers. India’s apparently hostile attitude towards China could stem from the turbulent history of the two nations – the Sino-Indian Border Conflict of 1962 was caused by disputes over borders which continue to this day.
It may be impossible to determine whether India truly suspects Chinese firms of attempting to infiltrate its mobile networks more than any other foreign companies, or if this is the country’s true motive in introducing such stringent security measures. One of India’s largest operators, Tata Teleservices, has awarded a 3G contract to Huawei, suggesting that service providers are able to obtain permission to import equipments. Nonetheless, the vendors who will bear the brunt of the regulations are concerned about the precedent the new rules could set.
One potential solution was raised recently by ITU Secretary General, Dr Hamadoun Touré. In a recent interview in London, Dr Touré spoke on the issue of international cyber-security, addressing India’s distrust of China by outlining the potential terms of an international cyber-security treaty. Dr Touré said that by pledging not to initiate cyber-attacks against other countries, signatories would be able to have full confidence in the security of their telecoms networks and communications infrastructure – an environment that would allow business with foreign partners to flourish. While Dr Touré observed that obtaining an international agreement would be a difficult process, he considers avoiding a cyberwar to be the most important issue currently facing the ITU.